Reducing ESG Risks Across Your Supply Chain


In an increasingly volatile world, managing ESG risks across your supply chain can be the difference between maintaining business continuity and profitability and losing them. This article explores what you can do to address risks today.

If the events of the past few years have taught us one thing about global supply chains, it is that they are far more susceptible to risk than previously thought. Whether the cause is a global pandemic, geopolitical conflict, or the adverse effects of climate change, corporations must continue to raise their efforts to assess the different forms of risk to their business continuity, operational effectiveness, and overall profitability.

In this context, it is becoming ever more important for companies to anticipate, monitor, and proactively deal with supply chain risks. Perhaps nowhere is this more true than in the Environment, Social, and Governance (ESG) space, where a recent study showed that only 45% of companies actively track ESG risks in their extended ecosystem. Related to – or perhaps driven by – this alarming finding is the fact that companies which recognize the importance of ESG (as measured by their relative ESG index ratings) routinely outperform their market equivalents, as demonstrated in this Morningside report.

Unlike traditional supply chain dimensions of risk, which tend to cover technical quality, cost effectiveness, speed of delivery, and reliability, ESG-related dimensions often focus on greater reputational and operational risks which span a variety of topics including:

  • Environmental pollution – waste management, power consumption and energy use, transportation and shipping
  • Shortages of raw materials and natural resources
  • Workforce health and safety incidents
  • Labor disputes
  • Corruption and bribery
  • Geopolitical considerations

Without focused management of these risks, investors and consumers may lose trust, generating cascading effects ranging from declining revenues to increased difficulty in attracting talent.

An added layer of complexity and risk in all of this is the effect that third-party providers and suppliers can have on the reputation of their clients. Mere affiliation with an organization that violates ESG regulations can directly impact an organization’s reputation and profitability, making Third Party Risk Management both upstream and downstream nearly as important as managing in-house risks.

To help guide business leaders in exploring the potential ESG risks that may be facing their businesses, a few guiding questions should be considered:

  • How will future shocks impact the resilience of third parties upstream and downstream of my organization?
  • How will current supply chain issues and other global challenges affect the financial health of my third-party ecosystem?
  • How will ESG issues impact my organization’s third-party risk management going forward?
  • How will my company drive continuous monitoring to keep pace with the shifting landscape?

ESG reporting mandates today

As ESG regulations become increasingly pervasive (the proposed SEC and enacted UK climate-related disclosures, to name a few), business leaders must understand regulatory mandates to ensure that they and their vendors are compliant with the latest ESG regulations. Below are a few that business leaders should consider today.

  • US Foreign Corrupt Practices Act: Improves corporate governance practices by requiring companies listed in the US to keep records and maintain internal accounting controls to detect transactions that could be considered as bribery
  • European Corporate Due Diligence Act: Aims to unify European Union (EU) member states’ approaches to enforcing human rights and environmental laws at the weakest points in organizations’ value chains: their third-party relationships
  • Dodd-Frank Act – Section 1502 (US Conflict Minerals Law): Requires US publicly-listed companies to check their supply chains for tin, tungsten, tantalum and gold, if they might originate in Congo or its neighbors, take steps to address any risks they find, and to report on their efforts every year to the US Securities and Exchange Commission (SEC). Companies are not encouraged to stop sourcing from this region but are required to show they are working with the appropriate care—what is now known as “due diligence”—to make sure they are not funding armed groups or human rights abuses
  • UK Bribery Act: Encourages companies to validate supplier anti-bribery practices with external verification and monitoring
  • UK Modern Slavery Act: Designed to combat modern slavery in the UK and consolidates previous offenses relating to trafficking and slavery. Organizations must produce a transparency statement that includes details of any steps taken during the relevant financial year to ensure that modern slavery does not occur in the organization and its supply chains
  • Dutch Child Labor Due Diligence Act: Requires companies selling goods and services to Dutch end-users to determine whether child labor occurs in their supply chains. If so, companies must set out a plan to combat it and issue a due diligence statement on their investigation and plan of action 
  • Australia Modern Slavery Bill: Requires large Australian and foreign entities operating in Australia to report annually on the risks of modern slavery in their operations and supply chains and the actions taken to address those risks
  • California Transparency in Supply Chains Act: Geared towards providing consumers with critical information about companies’ efforts to prevent and drive out human trafficking and slavery in their supply chains – both domestically and internationally. Organizations that operate in California are required to disclose on their website their efforts to eradicate slavery and human trafficking from their direct supply chain for tangible goods offered for sale

These mandates are not necessarily applicable to all major organizations (much will vary depending on the company’s size, sector, and location), but they are important to be aware of. Organizations should understand their third parties’ practices around these mandates to protect against ESG-related risk.

Looking ahead – anticipated ESG reporting mandates

As ESG gains traction, more mandates are expected to be introduced as early as the end of 2021. These include one of the most encompassing mandatory due diligence and disclosure mandates yet: Mandatory Corporate Human Rights and Environmental Due Diligence from Europe. This regulation, and those below, set the tone for the most stringent regulations in the years to come:

  • Transparency In Supply Chains Act (Canada): Imposes obligations on Canadian businesses to take steps to prevent the use of modern slavery in their overseas supply chains and create reporting obligations on qualifying entities, including completion of a supply chain questionnaire on a company’s policies and procedures related to forced labor, child labor and human trafficking
  • Uyghur Forced Labor Prevention Act (United States): Imposes various restrictions on China’s Xinjiang Uyghur Autonomous region, including prohibiting certain imports from Xinjiang and imposing sanctions on those responsible for human rights violations there
  • Mandatory Corporate Human Rights and Environmental Due Diligence (Europe): Imposes requirements on companies to conduct environmental and human rights due diligence within their supply chains, including their operations, direct and indirect business relations and investment chains. The proposed rules would apply to any company that operates within the EU market, regardless of whether or not they are established in the EU
  • Initiative Multinationales Responsables (Switzerland): Similar to the E.U.’s Mandatory Corporate Human Rights and Environmental Due Diligence, this initiative establishes mandatory due diligence for environmental and human rights issues. Firms would be liable for any human rights abuses and environmental violations caused abroad by companies under their control

The growing list of mandates offers a taste of what’s to come for ESG reporting. Even if your organization has a solid ESG posture, there are likely to be weaknesses within your vendor population. Organizations should prepare by taking a proactive approach to managing ESG-related risk in their third parties.

With public scrutiny of ESG practices on the rise and the increase of related penalties, there is no shortage of reasons for leaders to leverage best practices for third-party ESG risk management. How can leaders get started? We’ve compiled a list of best practices.

  1. Create a centralized program – Tackling ESG-related risk in your vendor population begins with a centralized third-party risk management program. Each vendor’s ESG-related risk areas should be determined and weighed before onboarding. ESG risk ratings can be leveraged to help the organization determine the frequency and scope of ongoing monitoring during the relationship. Depending on the organization’s priorities, it may be worthwhile to implement due diligence systems regarding key ESG-related risks in operations and the supply chain
  2. Profile vendors to scope assessments – Categorizing third parties based on industry, location, services performed, and regulatory profile can help to prioritize and plan ESG risk assessments
  3. Perform initial due diligence – During the onboarding phase, check the new vendor against ESG databases such as watch/sanction lists, politically exposed persons lists, security ratings, financial ratings and reputation/brand lists
  4. Execute ongoing due diligence – Go beyond initial database checks by conducting automated third-party assessments that leverage regulatory-specific questionnaires and require evidence for validation
  5. Report on key ESG requirements – Conduct regulatory-specific reporting and align ESG risks against cybersecurity, data privacy, and financial risks for a more holistic view of each third party

How can companies get started with ESG?

With more global leaders recognizing the risks related to climate change, expect to see all businesses come under scrutiny for their ESG practices. The best way to avoid any negative attention is to get ahead of the curve, by learning how to write a report before you are asked if you have one.

Where do you stand in your journey toward sustainability, climate leadership, and ESG investment/reporting?
